9 matches found
EUVD-2025-29201
Malicious code in bioql PyPI...
CVE-2025-58748
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
Apache Solr 4.0.0 < 4.10.4 XML Resource Consumption Attack
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
Design/Logic Flaw
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack a.k.a. Lol Bomb via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML...
PT-2019-12786 · Apache · Solr
Name of the Vulnerable Software and Affected Versions: Solr versions 1.3.0 through 1.4.1 Solr versions 3.1.0 through 3.6.2 Solr versions 4.0.0 through 4.10.4 Solr versions prior to 5.0.0 Description: The issue allows for an XML resource consumption attack, also known as a Lol Bomb, via the update...